Security advisories for third-party projects that are not part of Drupal core. This includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2013-069 - Password Policy - XSS

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-069
  • Project: Password policy (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-August-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-068 - Entity API - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-068
  • Project: Entity API (third-party module)
  • Version: 7.x
  • Date: 2013-August-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-067 - BOTCHA - Information Disclosure (potential Privilege Escalation)

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-067
  • Project: BOTCHA Spam Prevention (third-party module)
  • Version: 7.x
  • Date: 2013-August-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-066
  • Project: Monster Menus (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-August-07
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-065 - Organic Groups - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-065
  • Project: Organic groups (third-party module)
  • Version: 7.x
  • Date: 2013-August-07
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Multiple vulnerabilities

SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF)

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-064
  • Project: Mozilla Persona (third-party module)
  • Version: 7.x
  • Date: 2013-August-07
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache) - Information Disclosure

SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-062
  • Project: RESTful Web Services (third-party module)
  • Version: 7.x
  • Date: 2013-August-07
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-061 - Flippy - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-061
  • Project: Flippy (third-party module)
  • Version: 7.x
  • Date: 2013-July-31
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-060
  • Project: Scald (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-July-24
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
